Communications through the internet / world wide web rely on a set of standards referred to as Hyper Text Transfer Protocol, or “HTTP“. Without going too deeply into the details, HTTP provides a method to request information and to have information delivered. When you type a web address in your browser, you are requesting to see that specific page. Every page of every website has a unique address, or “URL” (Uniform Resource Locator), which contains the data you are looking for. This web page is typically stored on a computer or web hosting site. When the request is received, the hosting site responds with the web page, which is then displayed in your web browser. If you happen to request a page which doesn’t exist or doesn’t have a valid address, you’ll most likely see a “404 Page Not Found” error.
The majority of web pages, pictures and videos you would view on the web don’t contain any sensitive information. But what about when you need to protection for your information? The most common examples are shopping sites like Amazon, banking sites like Wells Fargo or entertainment sites which require credit card or electronic payment information. There also needs to be a mechanism for these sites to protect themselves against malicious users and hackers. In these cases, a security level is needed on top of the HTTP communication methods, which is the “S” in “HTTPS“.
To make it easy to identify which websites are using secure communications, in addition to the “https://” prefix which may show in the web address, each of the the major web browsers have visual cues. Note, that depending on which of 3 levels of SSL certifications (e.g., DV – Domain Validation, OV – Organization Validation, EV – Extended Validation) is used, you’ll see slight variations.The folks at PixelPrivacy have put together a nice guide to explain SSL certifications.
To illustrate this, we’ll show how our site, SourceTech411, with EV SSL certification shows up in the most common web browsers.
Using Windows newest browser, Edge, you get an identifiable visual: the green padlock, along with the company name also in green. In brackets is the county where the company is located. To the right is the web address, with the “https://” prefix.
In Internet Explorer (IE), visually the entire address bar is green. Also, there is the “https://” at the start of the website address, as well as a green padlock icon to the far right. Following this is the company name, along with the country location. The padlock is the visual identifier to let us know this is a secure site.
Firefox has a similar look to Edge. There is a green padlock, followed by the company name and the country in parenthesis. We also get the prefix “https://” at the start of the URL. Having the visual lock cue and the green text makes it easier to notice that a site is secure.
In Chrome, we again get the standard SSL certification indications: A green padlock, the company name, country and “https://”.
As of late January, Chrome will identify any webpages that ask for passwords or payment information. If it is running under HTTPS, the “secure” visuals will be shown. However, if it is not running HTTPS, Chrome will give a “Not Secure” indicator to the right. Going forward, Chrome will make it even more obvious by including a red hazard icon along with a bold red “Not Secure” textual warning. Wordfence recently published details on the Chrome roll-out.
Other indicators you might see that indicate a site does not have a SSL certification or if there is mixed content on a secured site (like an image or a link, which could be compromised) are:
The URL does not have “https://” in it, the padlock is missing, and it’s not green. Here is a snapshot for our site address with the certification disabled:
You may also get a warning visual. In this case the site has an SSL certification, as indicated by the “https://”, but not 100% of the content on that page may be secure.
Or an obvious message:
What this means for users is a simple, easily recognizable way to quickly recognize if a website is secure for purchasing, gaming, banking or just running a higher level of protection. If you don’t see any secure visual cues on the majority of the pages you visit, there is not need to worry as long as you aren’t providing any personal information. So go ahead and watch those cat videos and read reviews on the 99% of sites that don’t need to be running security.
If you are a developer or would like to have more information on securing websites and transactions, may be recommend these titles from Amazon:
HTTP: The Definitive Guide ($34.85 – Paperback)
What Every Web Developer Should Know About HTTP ($0.00 – Kindle Unlimited eBook)
WordPress Security 101: How to secure your website against hackers ($0.00 – Kindle Unlimited eBook)
Implementing SSL / TLS Using Cryptography and PKI ($41.72 – Paperback)
Some additional resources worth reading: If you are a content provider using WordPress, it’s critical to keep your site secure for yourself as well as your readers. Alex Grant at Best VPN have put together a comprehensive guide for WordPress security that is worth reading.
We would like your opinion – Would you value content more if a site is secure? Please share below …